CVE-2020-8227
published 2020-08-21CVE-2020-8227: Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the…
medium6.8CVSS 3.1
AVNACLPRHUIRSUCHIHAH
Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nextcloud-desktop | < nextcloud-desktop 3.0.1-1 (bookworm) | nextcloud-desktop 3.0.1-1 (bookworm) |
| nextcloud | desktop | < 2.6.5 | 2.6.5 |
CVSS provenance
nvdv3.16.8MEDIUMCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
osv6.8MEDIUM